Re: DIGEST-MD5: conflict between RFC 2829 and RFC 2831
Steve:
As Kurt mentioned, both RFCs 2829 and 2831 are in the process of being
rewritten to move to Draft Standard status (if possible) and discussion is
happening on the ietf-ldapbis list. The content of RFC 2829 in particular
will be reorganized for clarity, including the bind/sasl language
currently in RFC 2251. This bug (thanks for the catch, Steve, and you
too, Larry) is an excellent example of why it is A Bad Thing to restate
specifics of SASL mechanisms in application-protocol SASL profiles, so we
should avoid making this mistake again as we rewrite.
- RL "Bob"
---
> Since I've just started following these lists, I'm not clear on how to
> get this resolved; I'm certainly willing to help. A possible re-wording
> is:
>
>
> RFC 2831
> ...
> The server receives and validates the "digest-response". The server
> checks that the nonce-count is "00000001". It sends a message
> formatted as follows:
>
> ...(description of rspauth)...
>
> If the server supports subsequent authentication (see section 2.2), it
> saves the value of the nonce and the nonce-count.
> ...
>
> RFC 2829
> ...
> The server will respond with a bind response in which the resultCode
> is either success, or an error indication. If the authentication is
> successful, then the credentials field contains the string defined
> by "response-auth" in section 2.1.3 of [4]. Support for subsequent
> authentication is OPTIONAL in clients and servers.
> ...
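
As an added illustration (not part of either message or of the RFC text), the server-side step in the proposed RFC 2831 wording can be sketched in Python: validate the digest-response, require nonce-count "00000001" for initial authentication, and return rspauth. It assumes qop=auth, no authzid and UTF-8 strings; the function names, the `issued_nonce` parameter and all sample values are constructed for this example.

```python
import hashlib
import hmac

def _h(data: bytes) -> bytes:
    # DIGEST-MD5 is defined over MD5; the mechanism fixes the hash.
    return hashlib.md5(data).digest()

def digest_value(user, realm, password, nonce, cnonce, nc, digest_uri, a2_prefix):
    """RFC 2831 response-value for qop=auth without authzid.
    a2_prefix is "AUTHENTICATE" for the client response and "" for rspauth."""
    a1 = _h(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"{a2_prefix}:{digest_uri}".encode()
    kd = f"{_h(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{_h(a2).hex()}"
    return _h(kd.encode()).hex()

REQUIRED = ("username", "realm", "nonce", "cnonce", "nc", "digest-uri", "response")

def server_check_initial(fields, password, issued_nonce):
    """Return 'rspauth=<hex>' if the initial digest-response is valid, else None.
    issued_nonce (hypothetical parameter) is the nonce the server sent in its challenge."""
    if any(k not in fields for k in REQUIRED):
        return None
    # Initial authentication: the nonce-count must be exactly 00000001.
    if fields["nc"] != "00000001" or fields["nonce"] != issued_nonce:
        return None
    args = (fields["username"], fields["realm"], password, fields["nonce"],
            fields["cnonce"], fields["nc"], fields["digest-uri"])
    expected = digest_value(*args, "AUTHENTICATE")
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(expected.encode(), fields["response"].encode()):
        return None
    # rspauth uses the same computation with A2 = ":" digest-uri.
    return "rspauth=" + digest_value(*args, "")

# Constructed sample values, not taken from the thread or the RFCs.
SAMPLE = {"username": "alice", "realm": "example.test",
          "nonce": "c2VydmVyLW5vbmNl", "cnonce": "Y2xpZW50LW5vbmNl",
          "digest-uri": "ldap/ldap.example.test"}
PASSWORD = "correct horse"

def client_fields(nc="00000001", password=PASSWORD):
    """Build the fields a client would send, with a response computed for nc."""
    f = dict(SAMPLE, nc=nc)
    f["response"] = digest_value(f["username"], f["realm"], password, f["nonce"],
                                 f["cnonce"], nc, f["digest-uri"], "AUTHENTICATE")
    return f

if __name__ == "__main__":
    print(server_check_initial(client_fields(), PASSWORD, SAMPLE["nonce"]))
    print(server_check_initial(client_fields(nc="00000002"), PASSWORD, SAMPLE["nonce"]))
```

In an LDAP bind, the returned rspauth string is what the proposed RFC 2829 wording places in the credentials field of a successful bind response.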